
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 09/825,139
FILING DATE: 04/03/2001
FIRST NAMED INVENTOR: David J. Wetherall
ATTORNEY DOCKET NO.: 41007.P005
CONFIRMATION NO.: 1582

29127 7590 06/16/2005

HOUSTON ELISEEVA
4 MILITIA DRIVE, SUITE 4
LEXINGTON, MA 02421

EXAMINER: BARQADLE, YASIN M
ART UNIT: 2153
PAPER NUMBER:
DATE MAILED: 06/16/2005

Please find below and/or attached an Office communication concerning this application or proceeding.

PTO-90C (Rev. 10/03)

Office Action Summary

Application No.: 09/825,139
Applicant(s): WETHERALL ET AL.
Examiner: Yasin M. Barqadle
Art Unit: 2153

- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 28 March 2005.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-32 is/are pending in the application.
4a) Of the above claim(s) is/are withdrawn from consideration.
5) [ ] Claim(s) is/are allowed.
6) [X] Claim(s) 1-32 is/are rejected.
7) [ ] Claim(s) is/are objected to.
8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.
10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. .
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

Response to Amendment

1. The amendment filed on March 28, 2005 regarding claims 11, 
and 29-32 have been fully considered but are moot in view of the 
new ground(s) of rejection. 

• Claims 11, 14 and 22-26 have been amended. 

• New claims 29-32 have been added. 

• Claims 1-32 are presented for examination. 

Response to Arguments 

2. In response to Applicant's arguments in page 14, first 
paragraph that "the applied reference does not show or suggest 
techniques for confronting denial service attacks as claimed". 
Examiner notes that "undesirable packets that are part of a 
denial service attacks" are not described in the specification 
in such a way as to enable one skilled. However, Examiner 
contends that new reference of Canion et al shows this 
limitation. See (¶ 0171; ¶ 0174-0177 and ¶ 0183-0187). 

In response to Applicant's arguments in page 13, last paragraph 
that "the invention of claim 1 is not described by this prior 
art reference." Examiner contends that the prior art of 
reference teaches the claimed invention. Specifically the steps 
of independently determining whether the packet is a part of a 
conversation between the client and the server based at least in 
part on persistent information included in the packet. The 
packet is handled based in part on the result of the independent 
determination [each message or data packet transmitted between 
the client and the server has a structure as shown in fig. 4, 
that comprises compressed session identifier, envelope 
identifier and data payload. Based on compressed session 
identifier or the envelope identifier (client address and port 
number, server address and port number), or both, it is 
determined to which session each received packet belongs, the 
packet is handled (routed or redirected to other networks) col. 
4, lines 46 to col. 5, line 16 and col. 5, lines 40-67]. 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 
U.S.C. 112: 

The specification shall contain a written description of the invention, and 
of the manner and process of making and using it, in such full, clear, 
concise, and exact terms as to enable any person skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and 
use the same and shall set forth the best mode contemplated by the inventor 
of carrying out his invention. 



3. Claims 29 and 31 are rejected under 35 U.S.C. 112, first 
paragraph, as failing to comply with the written description 
requirement. The claim(s) contains subject matter which was not 
described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), 
at the time the application was filed, had possession of the 
claimed invention. "undesirable packet that is part of a denial 
of service attack on the server". 

4. Claims 29 and 31 are rejected under 35 U.S.C. 112, first 
paragraph, as failing to comply with the enablement requirement. 
The claim(s) contains subject matter which was not described in 
the specification in such a way as to enable one skilled in the 
art to which it pertains, or with which it is most nearly 
connected, to make and/or use the invention, "undesirable packet 
that is part of a denial of service attack." The only time 
Applicant mentions "denial of service attack" in the 
specification happens to be at the end of the background of the 
invention. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

5. Claims 1-3 and 10 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Lin et al USPN (6269402) in view of 
Primak et al USPN (6598077). 

As per claim 1, Lin et al teach a method of operation 
comprising: 

receiving a packet sent by a client device (102, fig. 1) 
destined for a server (104, fig. 1) [server receives data packets 
col. 3, lines 33-36]; 

independently determining whether said packet is a part of a 
conversation between the client and the server based at least in 
part on persistent information included in said packet 
[determining if session identifier exists in currently active 
sessions col. 4, lines 46 to col. 5, line 16 and col. 5, lines 
40-67]; and 

handling the packet based at least in part on the result of said 
independent determination [communication activity between the 
client and the server takes place based on the determined 
session identifier in the packet, col. 4, lines 46 to col. 5, 
line 16 and col. 5, lines 40-67]. 

Although Lin et al show substantial features of the claimed 
invention as explained in claim 1, he does not explicitly show a 
routing device. 

Nonetheless, routing devices that perform content routing in a 
client server network are well known in the art and would have 
been an obvious modification of the system disclosed by Lin et 
al, as evidenced by Primak et al USPN. (6598077). 
In analogous art, Primak et al whose invention is about a system 
for directing a client request (client 60, fig. 1) for dynamic 
content to an application server (fig. 1, server 30), disclose a 
system containing a dynamic content router (fig. 1, router 10) 
that examines a session communication between client and a 
server based on information (session identifier) associated with 
client request [fig. 1, Col. 4, lines 17-51 and col. 6, lines 
9-53]. 

Given the teaching of Primak et al, a person of ordinary skill 
in the art would have readily recognized the desirability and 
the advantage of modifying Lin et al by employing the dynamic 
content routing system of Primak et al because it facilitates 
the determining and identifying client requests containing 
verifiable session IDs in order to forward the request to the 
appropriate application server. 

As per claim 2, Lin et al teach the invention, wherein said 
independent determination comprises independently verifying a 
conversation identifier included in said packet based at least 
in part on other information included (compressed ID or client 
address and port) in said packet [col. 4, lines 46-49 and col. 
5, 11-16]. 

As per claim 3, Lin et al teach the invention, wherein said 
independent verification comprises independently regenerating 
the conversation identifier using at least said other 
information included in said packet [generating a compressed 
session identifier that is derived from the long session 
identifier col. 4, lines 46-49 and col. 5, 11-16]; and 

comparing the independently re-generated conversation 
identifier with the included conversation identifier [searching 
a database of currently active sessions to determine if it is 
currently in use and which session a received packet belongs to. 
Hence performing a comparing and identifying col. 4, lines 46-57 
and col. 5, 2-16]. 

As per claim 10, Lin et al teach the method of claim 1, wherein 
the method further comprises forwarding the packet to the server 
if the packet is deemed to be a part of a conversation between 
the client device and the server, and non-forwarding the packet 
if the packet is deemed not a part of a conversation between the 
client device and the server [col. 6, lines 6-44]. 

6. Claims 11, 17-19, 22, 29 and 32 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Lin et al USPN (6269402) in 
view of Primak et al USPN (6598077) and further in view of 
Canion et al USPN (20020108059). 

As per claim 11 and 22, these claims include similar limitations 
as explained in claim 1 above. 

Lin et al further teach a method of operation comprising: 
at least one processor (102 and 104, fig. 2); 
generating an independently verifiable conversation 
identifier for a packet destined for a client device, using at 
least persistent information that will be included in said 
packet [col. 4, lines 9-20; col. 4, lines 46 to col. 5, line 16 
and col. 5, lines 40-67]; 

including the independently verifiable conversation 
identifier with said packet for use by the client device to 
include in a subsequent packet sent by the client device 
destined for the server [col. 4, lines 9-20; col. 4, lines 46 to 
col. 5, line 16 and col. 5, lines 40-67]; and 

transmitting said independently verifiable conversation 
identifier included packet to said client device [col. 4, lines 
9-61]. 

Primak et al further teach a summation unit to insert the 
independently verifiable conversation identifier with a packet 
[col. 7, lines 63 to col. 8, lines 9 and col. 11, lines 41-56]. 

Although Lin et al and Primak et al show substantial features of 
the claimed invention as explained in claim 1 and 11 above, they 
do not explicitly show determining whether to forward or drop 
the packet through a network in response to the conversation 
identifier to protect the network against undesirable packets. 

Nonetheless, this feature is well known in the art and 
would have been an obvious modification of the system disclosed 
by Lin and Primak et al, as evidenced by Canion et al USPN 
(20020108059). 

In analogous art, Canion et al whose invention is about a system 
for detecting incoming data packets in a network, disclose a way 
of determining whether to forward or drop a packet through a 
network in response to a conversation identifier (received 
packet information) to protect the network against undesirable 
packets (packets with potential security violations) (¶ 0174-0177 
and ¶ 0183-0187). Given the teaching of Bull et al, a 
person of ordinary skill in the art would have readily 
recognized the desirability and the advantage of modifying Lin 
and Primak et al by employing the intrusion detection system of 
Canion et al in order to identify packets with potential security 
violations for the advantage of protecting the network against 
network security attacks such as denial of service attacks, sync 
attacks, ping attacks and unauthorized attacks (¶ 0171 and 
¶ 0183-0187). 

As per claim 17, this claim includes similar limitations as 
explained in claim 1 and 11 above. Lin et al further teach: 

an interface to receive a packet sent by a client device 
destined for a server [fig. 2 and col. 3, lines 51-59]; and 
a function unit coupled to the interface to independently 
determine whether said packet is a part of a conversation 
between the client and the server based at least in part on 
persistent information included in the packet [fig. 2 and col. 
3, lines 51-59 and col. 4, lines 46-49 and col. 5, 11-16]; and 

output a packet disposition signal based at least in part 
on the result of said independent determination [fig. 1; col. 4, 
lines 46 to col. 5, line 16 and col. 5, lines 40-67]. 

As per claim 18, Lin et al teach the invention, wherein said 
function unit is designed to make said independent 
determination by independently verifying a conversation 
identifier included in said packet based at least in part on 
other information included in said packet [col. 3, lines 51 to 
col. 4, line 49 and col. 5, 11-16]. 

As per claim 19, this claim includes similar limitations as 
claim 3 above. Therefore, it is rejected with the same 
rationale. 

As per claim 29, Canion et al teach the invention, wherein the 
method further comprises forwarding the packet to the server if 
the packet is deemed to be part of a conversation between the 
client device and the server, and dropping the packet if the 
packet is deemed to be an undesirable packet that is part of a 
denial of service attack on the server (¶ 0174-0177 and 
¶ 0183-0187). 

As per claim 32, Canion et al as modified teach the invention, 
where the function unit (processing unit) drops packets that are 
not part of the conversation identifier to protect the server 
against receipt of undesirable packets (¶ 0174-0177 and 
¶ 0183-0187). 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs 
of 35 U.S.C. 102 that form the basis for the rejections under 
this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for 
patent by another filed in the United States before the invention thereof 
by the applicant for patent, or on an international application by another 
who has fulfilled the requirements of paragraphs (1), (2), and (4) of 
section 371(c) of this title before the invention thereof by the applicant 
for patent. 

7. Claims 14-16 and 26-28 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Bull et al USPN (6799270). 

As per claims 14 and 26, Bull et al teach a method of operation 
comprising [fig. 1]: 

receiving a packet from a server [col. 4, lines 12-34]; 
extracting from the packet at least an independently verifiable 
conversation identifier included in the packet by the server for 
inclusion in a subsequent packet of the client device for the 
server (col. 2, lines 21-36), to allow one or more intermediate 
routing devices to be able to independently determine whether to 
permit continuing forwarding of the subsequent packet of the 
client device to the server [col. 2, lines 21-36 and col. 15, 
lines 1-60]; and 

saving said extracted at least independently verifiable 
conversation identifier for said subsequent use [col. 2, lines 
21-36 and col. 15, lines 1-60]. 

As per claims 15 and 27, Bull et al teach the invention, wherein 
the method further comprises retrieving at least a saved 
independently verifiable conversation identifier [col. 14, lines 
35-67]; 

including the retrieved independently verifiable 
conversation identifier in a packet to be sent to the server 
[col. 4, lines 12-34]; and 

the independently verifiable conversation identifier 
included packet to the server [col. 2, lines 21-36 and col. 15, 
lines 1-60]. 

As per claims 16 and 28, Bull et al teach the invention, wherein 
extracting an included nonce and an associated sequence number 
of the nonce, the nonce being independently verifiable by a 
party using a deterministic function and having knowledge of a 
secret value, based on persistent information included in the 
packet [Col. 5, lines 9-34 and Col. 6, lines 7-65]. 

8. Claims 4-9, 12-13 and 21, 23-25 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Lin et al USPN (6269402) in 
view of Bull et al USPN (6799270) and further in view of Primak 
et al USPN (6598077). 

As per claims 4 and 12, although Lin et al and Primak et al show 
substantial features of the claimed invention as explained in 
claim 1 and 11 above, they do not explicitly show a nonce. 

Nonetheless, this feature is well known in the art and 
would have been an obvious modification of the system disclosed 
by Lin et al, as evidenced by Bull et al USPN (6799270). 

In analogous art, Bull et al whose invention is about a system 
for securely distributing session keys over a network of a chain 
of nodes including client nodes (14), server nodes (18) and 
intermediate nodes (18), disclose a bit string of data that 
includes a nonce (randomly generated value that is concatenated 
to the end of a message) that is used for identification and 
verification purpose [Col. 6, lines 39-50 and col. 7, lines 
21-60]. Given the teaching of Bull et al, a person of ordinary 
skill in the art would have readily recognized the desirability 
and the advantage of modifying Lin et al by employing the system 
of Bull et al in order to generate a unique value that identifies a 
client session and to verify the integrity of the response 
coming from the server [Col. 6, lines 39-50 and col. 7, lines 
29-35]. 

Bull et al further teaches said re-generating the nonce 
using a deterministic function with a sequence number of the 
nonce and a plurality of persistent field values extracted from 
the packet, and a pre-provided secret value as inputs to the 
deterministic function [Col. 5, lines 9-34 and Col. 6, lines 
7-65]. 

As per claims 5, 13 and 24, Lin et al teach the invention, 
wherein said plurality of persistent field values comprise one 
or more of a source address, a destination address and a port 
number [col. 5, 2-7]. 

As per claim 6, Bull et al further teach the invention as 
explained in claim 4 above, wherein the method further comprises 
at least one of receiving into said routing device said secret 
value, and equipping/configuring said routing device with said 
deterministic function [Col. 5, lines 9-34 and Col. 6, lines 
7-65]. 

As per claim 7 and 25, Bull et al further teaches the invention, 
wherein said independent generation is performed using a 
selected one of a message authentication code function and an 
universal hash function [col. 5, lines 39 to Col. 6, lines 
7-47]. 

As per claim 8, Primak et al as modified teach the invention, 
wherein the method further comprises recording a time of first 
observation for the nonce if the nonce is a newly observed nonce 
[col. 9, lines 20-67]. 

As per claim 9, Primak et al as modified teach the invention, 
wherein the method further comprises determining if time has 
elapsed more than a predetermined threshold since a time of 
first observation was recorded for the nonce, if the extracted 
nonce and the independently generated nonce are deemed to be the 
same [col. 9, lines 20-67]. 

As per claims 20-21 and 23, these claims include similar 
limitations as claim 4 and 12 above. Therefore, they are 
rejected with the same rationale. 
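
The check that claims 3-10 recite (regenerate the nonce from its sequence number, persistent packet fields and a secret value, compare it with the nonce carried in the packet, record a time of first observation, then forward or not) can be sketched as follows. This is an added example, not code from the application or the cited references; HMAC-SHA256 truncated to 8 bytes, the packet layout, the 300-second threshold, dropping on expiry and every name used are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-secret"  # pre-provided secret value (constructed)
MAX_AGE = 300.0                      # predetermined threshold, seconds (assumed)
NONCE_LEN = 8                        # truncation length (assumed)


def make_nonce(secret, seq, src, dst, port):
    """Deterministic function over the sequence number and persistent fields."""
    msg = (
        struct.pack("!I", seq)
        + ipaddress.ip_address(src).packed
        + ipaddress.ip_address(dst).packed
        + struct.pack("!H", port)
    )
    return hmac.new(secret, msg, hashlib.sha256).digest()[:NONCE_LEN]


class Router:
    """Routing device that holds only the secret and a first-observation table."""

    def __init__(self, secret, max_age):
        self.secret = secret
        self.max_age = max_age
        self.first_seen = {}  # nonce -> time of first observation

    def disposition(self, pkt, now):
        # Regenerate the nonce from fields carried in the packet itself.
        expected = make_nonce(
            self.secret, pkt["seq"], pkt["src"], pkt["dst"], pkt["port"]
        )
        # Constant-time comparison with the nonce the packet carries.
        if not hmac.compare_digest(expected, pkt["nonce"]):
            return "drop"  # not part of a conversation: no state is created
        # State is recorded only after verification, so forged packets
        # cannot grow the table.
        first = self.first_seen.setdefault(pkt["nonce"], now)
        if now - first > self.max_age:
            return "drop"  # assumed policy once the threshold has elapsed
        return "forward"


def demo():
    """Run constructed packets through the router and return the decisions."""
    router = Router(SECRET, MAX_AGE)
    client, server, port = "192.0.2.10", "198.51.100.5", 443
    # The server issues the nonce over the fields the client's next packet
    # will carry; the client echoes it back.
    nonce = make_nonce(SECRET, 1, client, server, port)
    good = {"seq": 1, "src": client, "dst": server, "port": port, "nonce": nonce}
    forged = dict(good, nonce=b"\x00" * NONCE_LEN)  # guessed nonce
    spoofed = dict(good, src="203.0.113.77")         # nonce reused from another source
    return [
        router.disposition(good, 0.0),
        router.disposition(forged, 1.0),
        router.disposition(spoofed, 2.0),
        router.disposition(good, 200.0),
        router.disposition(good, 301.0),
    ]


if __name__ == "__main__":
    print(demo())
```
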

9. Claims 30 and 31 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Bull et al USPN (6799270) in view of 
Canion et al USPN (20020108059). 

As per claims 30 and 31, although Bull et al shows substantial 
features of the claimed invention as explained in claims 14 and 
26 above, he does not explicitly show dropping a packet through 
a network in response to a conversation identifier to protect 
the network against undesirable packets that is part of a denial 
of service attack. 

Nonetheless, this feature is well known in the art and 
would have been an obvious modification of the system disclosed 
by Bull et al, as evidenced by Canion et al USPN (20020108059). 

In analogous art, Canion et al whose invention is about a system 
for detecting incoming data packets in a network, disclose a way 
of dropping (discarding) a packet through a network in response 
to a conversation identifier (packet information) to protect the 
network against undesirable packets that is part of a denial of 
service attack (¶ 0174-0177 and ¶ 0183-0187). Given the 
teaching of Bull et al, a person of ordinary skill in the art 
would have readily recognized the desirability and the advantage 
of modifying Lin and Primak et al by employing the intrusion 
detection system of Canion et al in order to identify packets with 
potential security violations for the advantage of protecting 
the network against network security attacks such as denial of 
service attacks, sync attacks, ping attacks and unauthorized 
attacks (¶ 0171 and ¶ 0183-0187). 

Conclusion 

10. ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is 
reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action 
is set to expire THREE MONTHS from the mailing date of this 
action. In the event a first reply is filed within TWO MONTHS 
of the mailing date of this final action and the advisory action 
is not mailed until after the end of the THREE-MONTH shortened 
statutory period, then the shortened statutory period will 
expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated 
from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than 
SIX MONTHS from the date of this final action. 

The prior art made of record and not relied upon is considered 
pertinent to applicant's disclosure. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Yasin 
Barqadle whose telephone number is 571-272-3947. The examiner 
can normally be reached on 9:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Glenn Burgess can be 
reached on 571-272-3949. The fax phone numbers for the 
organization where this application or proceeding is assigned 
are 703-872-9306 for regular communications and 703-746-7238 for 
After Final communications. 

Any inquiry of a general nature or relating to the status 
of this application or proceeding should be directed to the 
receptionist whose telephone number is 703-305-3900. 

Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval 
(PAIR) system. Status information for published applications may 
be obtained from either private PAIR or public PAIR system. 
Status information for unpublished applications is available 
through private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have 
questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free). 